HIPAA Cloud Overview

When selecting a HIPAA compliant cloud, your organization must configure and maintain all physical, technical, and administrative safeguards required by HIPAA. Utilizing public cloud platforms such as Amazon Web Services (AWS) allows organizations to take advantage of established security programs provided by the cloud provider. Benefits of configuring HIPAA compliant applications in the public cloud include:

Security Certifications

Established cloud platforms like AWS have a number of certifications and security programs organizations are able to take advantage of.

Numerous Cloud Services

Public cloud platforms offer hundreds of managed services that organizations can utilize to build solutions quickly.

Easy Scalability

Public cloud platforms allow organizations to pay for only the services they need and to scale out to larger deployments when it is time to grow.

Flexibility

Organizations can build applications using almost any major technology when using a public cloud platform.

For any cloud solutions used for storing, analyzing, and/or transmitting protected health information (PHI), your organization must sign and execute a Business Associates Agreement (BAA). This agreement details the breakdown of HIPAA responsibilities between your organization and the cloud provider.

A BAA should also be signed for all software that will store, analyze, or transmit PHI. So if your team will store PHI in Dropbox, CRM platforms or other services, you must have a signed BAA with those software vendors as well.

2. Utilize services only covered under the BAA

Your cloud provider’s BAA dictates which services can or cannot be used in a HIPAA compliant manner. For example, some organizations may have covered services for specific product lines or software packages.

Only services covered under the cloud BAA should be utilized with PHI. Organizations such as Amazon Web Services (AWS) have a large list of HIPAA eligible services. Your team can utilize BAA covered services to store and handle PHI.

Your team must also implement all technical safeguards not provided or set up by your cloud provider. This includes encryption, backup and recovery, and audit logging solutions. It is possible to build a non-compliant solution on a HIPAA compliant cloud provider.

A Trusted Compliance Partner

Dash is built around a team of compliance and cloud experts. We provide HIPAA cloud solutions that enable organizations to easily configure and manage HIPAA in Amazon Web Services, the market-leading cloud platform.